Senior Manual Ethical Hacker
Company: Bank of America
Location: Denver
Posted on: April 3, 2026
Job Description:
At Bank of America, we are guided by a common
purpose to help make financial lives better through the power of
every connection. We do this by driving Responsible Growth and
delivering for our clients, teammates, communities and shareholders
every day. Being a Great Place to Work is core to how we drive
Responsible Growth. This includes our commitment to being an
inclusive workplace, attracting and developing exceptional talent,
supporting our teammates’ physical, emotional, and financial
wellness, recognizing and rewarding performance, and how we make an
impact in the communities we serve. Bank of America is committed to
an in-office culture with specific requirements for office-based
attendance and which allows for an appropriate level of flexibility
for our teammates and businesses based on role-specific
considerations. At Bank of America, you can build a successful
career with opportunities to learn, grow, and make an impact. Join
us!

Manual Ethical Hacking is part of the
Application Development Security Framework Program within Bank of
America’s Cyber Security Assurance Offensive Security group. The
program provides services to assess the security resilience of the
bank’s applications to malicious hacking activity. This senior
technical role is responsible for performing and leading ethical
hacking assessments of the bank's technologies, applications, and
cyber security controls while adapting testing methods to evolving
and emerging threats. Key responsibilities include leading and
performing research, understanding the bank's security policies,
working with appropriate partners to complete assessments and
simulations, identifying misconfigurations and vulnerabilities, and
reporting on associated risk. These individuals partner closely
with security partners, CIO clients and multiple lines of
business. These individuals are expected to perform application
security-oriented dynamic and static assessments across a multitude
of technologies including web UI, web APIs, mobile and cloud,
including associated source code.

Key Responsibilities in order of importance:
- Perform assigned analysis of internal and external threats on information systems and predict future threat behavior.
- Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks.
- Develop proof-of-concepts for exploitation.
- Perform assessments of the security, effectiveness, and practicality of multiple technology systems.
- Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security.
- Prepare and present detailed technical information for various media including documents, reports, and notifications.
- Provide clear and practical advice regarding managing risks.
- Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills.
- Respond to security incidents and provide technical assistance to leadership across the Information Security organization.

Required Skills:
- Minimum of 5 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment
- Detailed technical knowledge in at least 5 of the following areas:
  - security engineering
  - application architecture
  - authentication and security protocols
  - application session management
  - applied cryptography
  - common communication protocols
  - mobile frameworks
  - single sign-on technologies
  - exploit automation platforms
  - Web APIs
  - Cloud environments
  - LLM security
  - Mobile application analysis
- Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings
- Experience performing manual web application assessments, i.e., must be able to simulate OWASP Top 10 vulnerabilities without the use of tools
- Experience performing manual code reviews for security relevant issues
- Experience working with DAST and SAST tools to identify vulnerabilities
- Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies)
- Experience with vulnerability assessment tools and penetration testing techniques
- Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction
- Threat Analysis, threat modelling and SBOM analysis
- Innovative thinking, threat actor simulation
- Technology Systems Assessment
- Technical Documentation
- Advisory

Desired:
- CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [PortSwigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy]
- Strong programming/scripting skills
- Frida
- Binary analysis (disassembly skills)

Skills:
- Advisory
- Innovative Thinking
- Technical Documentation
- Technology System Assessment
- Threat Analysis
- Adaptability
- Collaboration
- Scenario Planning and Analysis
- Test Engineering
- Written Communications
- Attention to Detail
- Information Systems Management
- Issue Management
- Presentation Skills
- Prioritization

This job will be open and accepting applications for
a minimum of seven days from the date it was posted.

Shift: 1st shift (United States of America)
Hours Per Week: 40

Pay Transparency details:
US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540), US - MA - Boston - 100 Federal St - 100 Federal St Lp (MA5100), US - NJ - Jersey City - 101 Hudson St - 101 Hudson (NJ2101), US - WA - Seattle - 401 Union St - Rainier Square (WA1510)

Pay and benefits information:
Pay range: $160,000.00 - $205,000.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible: This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits: This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.